Oracle Identity Cloud Token
Service Name: Oracle Identity Cloud Service (IDCS)
Service Description: Oracle Identity Cloud Service is a cloud-native security and identity management platform that provides comprehensive identity and access management capabilities for enterprise cloud deployments. It helps organizations manage user identities, secure access to applications, and enforce compliance policies.
Service Address: https://www.oracle.com/security/cloud-security/identity-cloud/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the service level through Oracle Identity Cloud Service's Security settings.
Secret Access Scope: Grants programmatic access to Oracle Identity Cloud Service APIs, allowing management of users, groups, applications, and security policies.
Secret Revokement URL: https://docs.oracle.com/en/cloud/paas/identity-cloud/uaids/revoke-oauth-tokens.html
Secret Example: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1dCI6Ik1yNS1BUWNKQzZaLTFLcmstQU1xVEJzQ3ZBcyIsImtpZCI6InRydXN0ZWQtYXBwLWNsaWVudC1rZXktMjAxNy0wOC0yMiJ9.eyJzdWIiOiJhZG1pbiIsInVzZXIudGVuYW50Lm5hbWUiOiJpZGNzLWFiY2QxMjM0IiwiaXNzIjoiaHR0cHM6Ly9pZGVudGl0eS5vcmFjbGVjbG91ZC5jb20vIiwidG9rX3R5cGUiOiJBVCIsImNsaWVudF9pZCI6IjEyMzQ1Njc4OTAiLCJhdWQiOiJodHRwczovL2lkY3MtYWJjZDEyMzQub3JhY2xlLmNvbSIsInN1Yl90eXBlIjoidXNlciIsInNjb3BlIjoiYXBpOmFsbCIsImNsaWVudF90ZW5hbnRuYW1lIjoiaWRjcy1hYmNkMTIzNCIsImV4cCI6MTU5OTEyMzQ1NiwiaWF0IjoxNTk5MDM3MDU2fQ.XYZ123ABC
Suspicious Activity Investigation Instructions:
- Review Oracle Identity Cloud Service audit logs for unusual authentication attempts or API calls.
- Check for unexpected user account creations, role assignments, or permission changes.
- Monitor for unusual access patterns or access from unexpected geographic locations.
- Review application access patterns for signs of unauthorized access.
- Check for changes to security policies or authentication settings.
Mitigation Instructions:
- Immediately revoke the compromised token through the Oracle Identity Cloud Service Admin Console.
- Navigate to Security > Tokens and revoke the specific token or all tokens for the affected client.
- Rotate any client secrets associated with the application that issued the token.
- Review and update access policies for the affected application or service.
- Enable multi-factor authentication for sensitive operations if not already in place.
- Consider implementing shorter token lifetimes to reduce the impact of token exposure.
- Review IP allowlists and update them to restrict access to trusted networks only.